>>>>> "Henry" == Henry Hertz Hobbit <hhhobbitat_private> writes: Henry> No they aren't secure, at least as a general rule. You can't easily Henry> change what a binary does without actually replacing the binary. Henry> With a shell script, all kinds of possibilities exist. If you can Henry> exit to a shell the possibility of gaining unauthorized root access Henry> exists. Trojan statements can be inserted in the shell file to cause Henry> damage. What does the floppy device have to do with anything??? Really? You can exit to a shell? And how would you do that? If you write bad code in _any_ language, it's insecure. As for /dev/fd/n, it isn't a floppy disk, it's a file-descriptor filesystem that stops the bait-and-switch symlink race. The OS calls /bin/sh (or whatever) on the already-opened file as /dev/fd/n (think of it as a shell-based fdopen()). -- Carson Gaspar -- carsonat_private carsonat_private carsonat_private http://www.cs.columbia.edu/~carson/home.html Queen Trapped in a Butch Body
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:31 PDT